Skill v1.0.0

ClawScan security

autospec · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 29, 2026, 1:55 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description and instructions match (it is a formal-spec synthesis assistant), but the runtime expectations for external provers/tools are not declared and the SKILL.md implies access to user code/tests and external verification backends without specifying how — this mismatch is worth attention before installing.
Guidance
This skill appears to do what it says (generate and verify specs), but it leaves some runtime questions unanswered. Before installing or running it: 1) clarify how you will provide code and tests to the skill (avoid granting it broad filesystem or network access unless you trust it); 2) confirm where verification will run — do you have local provers (Dafny, Z3, CVC5) installed, or will the agent call remote services/APIs? The skill does not declare required binaries or installation steps, so be prepared to supply the tools or run the skill in an isolated environment (e.g., a dedicated container) to avoid accidental installation or exfiltration. If you need stronger assurance, ask the publisher to supply an install spec that lists required binaries and exact invocation methods, or request a version that limits operations to in-memory analysis of provided code snippets rather than arbitrary system/network access.

Review Dimensions

Purpose & Capability
ok
Name, description, and SKILL.md consistently describe a specification-synthesis agent (pre/postconditions, invariants, verification). The included example code aligns with that purpose (analyzing functions, inferring specs, verifying with provers).
Instruction Scope
note
The instructions are scoped to analyzing code, test cases, and running verification. They do not ask for unrelated system files or credentials. However, the SKILL.md repeatedly references external tools (Dafny, Z3, Frama-C, etc.) and proving backends without specifying how those will be invoked or where they run — this creates ambiguity about whether the agent will attempt to access local binaries, install tools, or call remote services and whether it will require you to supply code/testcases or allow the agent to fetch them.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files that would be written to disk, which is low-risk. That said, because the instructions expect external verification tools, the skill should ideally declare required binaries or a recommended execution environment; its absence is an informational gap rather than an outright danger.
Credentials
ok
The skill declares no environment variables, credentials, or config paths. The SKILL.md likewise does not request secrets. This is proportional to its stated purpose.
Persistence & Privilege
ok
always is false and there is no sign the skill tries to persistently modify agent/system configuration or access other skills. Autonomous invocation is allowed by default but not by itself a concern here.